Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

Top 5 FPS ...ks.exe

windows10-2004-x64

7

Top 5 FPS ...ks.exe

macos-10.15-amd64

4

Resubmissions

12/09/2024, 14:22

240912-rpwkhaydmp 7

12/09/2024, 14:21

240912-rpcsdsydma 7

Analysis

  • max time kernel
    19s
  • max time network
    21s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
  • submitted
    12/09/2024, 14:21

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Top 5 FPS Boosting Packs.exe

  • Size

    1.6MB

  • MD5

    eb707ae3be461641ec166fdd6a9e59a9

  • SHA1

    2295357e7cf54d4e583effe16c924053e29e9848

  • SHA256

    85d479d2144a9f0d7fe963d37b4969e8f9d41ec673967e8daf7b32ffe8c88a60

  • SHA512

    d04d63d32ff3a5b32ef390ecae3ad0cbc5f848c99f2a76a6de4c11f59eb33fe44fc6a89ff8fdf9f9ca88984a40dbc8194a4121b78cdfa9c345afbc8be89a84aa

  • SSDEEP

    24576:gawwKusHwEwS2QGqKwGzO6I6h6gEGe/NIsWvMyCShxSR:wwRED0QShv2NuMsSR

Score
7/10
discovery

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  • Drops file in Program Files directory 3 IoCs
  • Browser Information Discovery 1 TTPs

    Enumerate browser information.

    discovery
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Suspicious behavior: EnumeratesProcesses 6 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 3 IoCs
  • Suspicious use of FindShellTrayWindow 27 IoCs
  • Suspicious use of SendNotifyMessage 24 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\Top 5 FPS Boosting Packs.exe
    "C:\Users\Admin\AppData\Local\Temp\Top 5 FPS Boosting Packs.exe"
    1⤵
    • System Location Discovery: System Language Discovery
    • Suspicious use of WriteProcessMemory
    PID:400
    • C:\Users\Admin\AppData\Local\Temp\is-UQ4VD.tmp\Top 5 FPS Boosting Packs.tmp
      "C:\Users\Admin\AppData\Local\Temp\is-UQ4VD.tmp\Top 5 FPS Boosting Packs.tmp" /SL5="$601D6,865850,776192,C:\Users\Admin\AppData\Local\Temp\Top 5 FPS Boosting Packs.exe"
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • Drops file in Program Files directory
      • System Location Discovery: System Language Discovery
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of WriteProcessMemory
      PID:2036
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://songsthread.space/tracker/thank_you.php?trk=2477
        3⤵
        • Enumerates system info in registry
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SendNotifyMessage
        • Suspicious use of WriteProcessMemory
        PID:4496
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fffce4c46f8,0x7fffce4c4708,0x7fffce4c4718
          4⤵
            PID:2396
          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2128,10033385094319078584,9341328086037880854,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2140 /prefetch:2
            4⤵
              PID:4976
            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2128,10033385094319078584,9341328086037880854,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2192 /prefetch:3
              4⤵
              • Suspicious behavior: EnumeratesProcesses
              PID:4448
            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2128,10033385094319078584,9341328086037880854,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2924 /prefetch:8
              4⤵
                PID:4984
              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,10033385094319078584,9341328086037880854,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3296 /prefetch:1
                4⤵
                  PID:4836
                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,10033385094319078584,9341328086037880854,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3328 /prefetch:1
                  4⤵
                    PID:5088
                  • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2128,10033385094319078584,9341328086037880854,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4928 /prefetch:8
                    4⤵
                      PID:4712
                    • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                      "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2128,10033385094319078584,9341328086037880854,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4928 /prefetch:8
                      4⤵
                      • Suspicious behavior: EnumeratesProcesses
                      PID:4220
                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,10033385094319078584,9341328086037880854,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5140 /prefetch:1
                      4⤵
                        PID:3612
                • C:\Windows\System32\CompPkgSrv.exe
                  C:\Windows\System32\CompPkgSrv.exe -Embedding
                  1⤵
                    PID:4596
                  • C:\Windows\System32\CompPkgSrv.exe
                    C:\Windows\System32\CompPkgSrv.exe -Embedding
                    1⤵
                      PID:2256

                    Network

                    MITRE ATT&CK Enterprise v15

                    Replay Monitor

                    Loading Replay Monitor...

                    Downloads

                    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\8B2B9A00839EED1DFDCCC3BFC2F5DF12
                      Filesize

                      1KB

                      MD5

                      7fb5fa1534dcf77f2125b2403b30a0ee

                      SHA1

                      365d96812a69ac0a4611ea4b70a3f306576cc3ea

                      SHA256

                      33a39e9ec2133230533a686ec43760026e014a3828c703707acbc150fe40fd6f

                      SHA512

                      a9279fd60505a1bfeef6fb07834cad0fd5be02fd405573fc1a5f59b991e9f88f5e81c32fe910f69bdc6585e71f02559895149eaf49c25b8ff955459fd60c0d2e

                      Download Submit

                    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B46811C17859FFB409CF0E904A4AA8F8
                      Filesize

                      436B

                      MD5

                      971c514f84bba0785f80aa1c23edfd79

                      SHA1

                      732acea710a87530c6b08ecdf32a110d254a54c8

                      SHA256

                      f157ed17fcaf8837fa82f8b69973848c9b10a02636848f995698212a08f31895

                      SHA512

                      43dc1425d80e170c645a3e3bb56da8c3acd31bd637329e9e37094ac346ac85434df4edcdbefc05ae00aea33a80a88e2af695997a495611217fe6706075a63c58

                      Download Submit

                    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\8B2B9A00839EED1DFDCCC3BFC2F5DF12
                      Filesize

                      174B

                      MD5

                      f5bddda59ee1e2a288275c9f0e28f828

                      SHA1

                      79ce642c554f6e415d97eeea802ff4398167ce98

                      SHA256

                      fe665a9cc4982eea2554043c97e9bf4a87481620788d5eb8bca3d1aec74e5294

                      SHA512

                      7955d6198779a631ae0303521abf8e373b50c7269bc6660501df60c7926e420fa824fc599ed75513611dac244df0e1658eed221362ffaab8d11b94433d500255

                      Download Submit

                    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B46811C17859FFB409CF0E904A4AA8F8
                      Filesize

                      170B

                      MD5

                      90876c1c058b68719f1db146ea8d2400

                      SHA1

                      26e12a9c722a96c408b7799f11952e9306b06f3e

                      SHA256

                      62ef9bd9e0ba1ae470b24219fadb521261fb0f1aecd432b4485c4169bcaa237a

                      SHA512

                      8c2bc3d4f62eed9ef69e69b0314c30182ca809bf5b50c051c712f776f15cffc138bfa282fa0df2104da676e63cb93314c762af95dc72fc9656c81be9cc110c25

                      Download Submit

                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                      Filesize

                      152B

                      MD5

                      b9569e123772ae290f9bac07e0d31748

                      SHA1

                      5806ed9b301d4178a959b26d7b7ccf2c0abc6741

                      SHA256

                      20ab88e23fb88186b82047cd0d6dc3cfa23422e4fd2b8f3c8437546a2a842c2b

                      SHA512

                      cfad8ce716ac815b37e8cc0e30141bfb3ca7f0d4ef101289bddcf6ed3c579bc34d369f2ec2f2dab98707843015633988eb97f1e911728031dd897750b8587795

                      Download Submit

                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                      Filesize

                      152B

                      MD5

                      eeaa8087eba2f63f31e599f6a7b46ef4

                      SHA1

                      f639519deee0766a39cfe258d2ac48e3a9d5ac03

                      SHA256

                      50fe80c9435f601c30517d10f6a8a0ca6ff8ca2add7584df377371b5a5dbe2d9

                      SHA512

                      eaabfad92c84f422267615c55a863af12823c5e791bdcb30cabe17f72025e07df7383cf6cf0f08e28aa18a31c2aac5985cf5281a403e22fbcc1fb5e61c49fc3c

                      Download Submit

                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
                      Filesize

                      629B

                      MD5

                      5c2506060762703893c82bea3c827446

                      SHA1

                      6dd9f82486ddd1f1c1efb0f5fab27ee9269894f1

                      SHA256

                      2d6a0a978ade2e309ac2fd9765f93b0a0daf4e64910e5a11b292341e6325a0d5

                      SHA512

                      005c7e8c9a4ea4c362e947733431aa9944e31d888fee5b6a15388942c5e7a93d50d9b6544b2bc62a46d8882fadd62ec81cc2b8ae6b224715ed30d6730ce6a9ef

                      Download Submit

                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                      Filesize

                      6KB

                      MD5

                      3299e57950edcfccb16cb88f126835fb

                      SHA1

                      cfed782ced3ecc6aed7357838fed8fa34e09b01f

                      SHA256

                      e41315e49c80d2dbb8bb62371dd62628efb14321fde0cacbce190f785e9e408e

                      SHA512

                      87a79aa3c487ca4b3097f36a2ef1d4df1df65295f4ae76a3fb23fccd30213bed2b19d8f69ef8ae342542cdc75d5cd883507fc7663589ecbbf4ca890b0a0676f5

                      Download Submit

                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                      Filesize

                      6KB

                      MD5

                      6e73a4aa9da046f44356a6057ff46ccb

                      SHA1

                      5ac814766d360be12388f6c6ab8dd5d3a2c230b6

                      SHA256

                      9016557f4b89dfd8e03c494a6e6bfddde42e919b9624ccf284269a5c1261157a

                      SHA512

                      e3256240474e65e20ab1ee171752debd112f50ccfbb57af4cef8f64807d09ddd5e7f136f58ef00f440ae2f405a8874c91b6f767c22a1f1a29e52e6c99a0bf8fd

                      Download Submit

                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
                      Filesize

                      16B

                      MD5

                      6752a1d65b201c13b62ea44016eb221f

                      SHA1

                      58ecf154d01a62233ed7fb494ace3c3d4ffce08b

                      SHA256

                      0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

                      SHA512

                      9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

                      Download Submit

                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                      Filesize

                      10KB

                      MD5

                      9b7be9f749feb70b43da313e52000a50

                      SHA1

                      5cde4bcb71a7e79a7df26814cca12f5788cbab77

                      SHA256

                      b45dfd2bceafce836b4b75ca0f62530ff6ff684c7a5fe6aa3fe5a94405222dd6

                      SHA512

                      6ecceaa340b44c5717c802b196a87a6aa206c2c4dbce0b8cb7fea5fd87264c470efc3013dc2ef28f049d76672538bdd9ce781eec478a3c95be3aba8a5ac496f3

                      Download Submit

                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                      Filesize

                      10KB

                      MD5

                      55b894f1e6a6feb3009a6accbc544eff

                      SHA1

                      a888ac324894679af69c08a21e5e7090c60122a1

                      SHA256

                      bae6bfe58c5f34f415f2ad72d969e653fc97147a7674301bd4ad15b362f7986e

                      SHA512

                      35ef3d049186a8de969c2db28e917e01b65db4d9076919cfa461d55254bb11973e50d39ce726779de62b1cdbe3bb2b33c2055dcbe1c20e4cb965bc0c70147940

                      Download Submit

                    • C:\Users\Admin\AppData\Local\Temp\is-UPLT7.tmp\idp.dll
                      Filesize

                      232KB

                      MD5

                      55c310c0319260d798757557ab3bf636

                      SHA1

                      0892eb7ed31d8bb20a56c6835990749011a2d8de

                      SHA256

                      54e7e0ad32a22b775131a6288f083ed3286a9a436941377fc20f85dd9ad983ed

                      SHA512

                      e0082109737097658677d7963cbf28d412dca3fa8f5812c2567e53849336ce45ebae2c0430df74bfe16c0f3eebb46961bc1a10f32ca7947692a900162128ae57

                      Download Submit

                    • C:\Users\Admin\AppData\Local\Temp\is-UQ4VD.tmp\Top 5 FPS Boosting Packs.tmp
                      Filesize

                      3.0MB

                      MD5

                      5e2c5ea1532b4cf4b2566cae870c8a90

                      SHA1

                      0e69a3cec087855accbd515d009ec5b445355bc3

                      SHA256

                      63392a0daf2d9264ff34f71d533552eece4395a7627a9ec83bf805989c690d68

                      SHA512

                      24ab71f0ee55928ac40b137d4d55cee425f42993246c33cb27a50a642a420f0729ec108a31f0ab315239b7ccbb16a63f565178ec6bca627c371bc7ca6e7d856e

                      Download Submit

                    • memory/400-30-0x0000000000400000-0x00000000004CB000-memory.dmp

                      Filesize

                      812KB

                      Download

                    • memory/400-0-0x0000000000400000-0x00000000004CB000-memory.dmp

                      Filesize

                      812KB

                      Download

                    • memory/400-2-0x0000000000401000-0x00000000004A9000-memory.dmp

                      Filesize

                      672KB

                      Download

                    • memory/2036-29-0x0000000000400000-0x0000000000706000-memory.dmp

                      Filesize

                      3.0MB

                      Download

                    • memory/2036-6-0x0000000000400000-0x0000000000706000-memory.dmp

                      Filesize

                      3.0MB

                      Download